Primitives for tcp/udp/icmp flow

CS Lee geek00l at gmail.com
Mon May 14 09:03:52 EDT 2007


Hey Carter,

Apart from the ones listed in the man page such as syn, synack, unreach and so
forth, are there any other options available that are not mentioned in
the man page? Is there any other workaround if I want to search for flows that
contain the syn flag only, ignoring the others? Currently I have to use

ra -r argus-test.arg - syn and ! \(synack or reset or fin or finack\) and
dst net 192.168.5.0/24

Sometimes I'm lazy with the flags and I just use

ra -r argus-test.arg -Z b | egrep '\<S_\>'

Both do the job, but the first one requires me to write complex filter
combinations. This is great for looking for scanning activity against your network.

Another thing: will raxml be shipped complete in argus clients 3.0, as
currently my friend is thinking of using raxml and parsing the data into a db?

Thanks.

-- 
Best Regards,

CS Lee <geekooL[at]gmail.com>
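The SYN-only test behind both commands above (the `syn and ! (synack or reset or fin or finack)` filter and the `egrep '\<S_\>'` shortcut) can be reproduced over exported flow records and extended into a simple scan detector that groups SYN-only flows by source. The following is an added example and is not part of this message or of the argus distribution; the record layout and the sample lines are constructed for the example and only loosely imitate `ra` output with `-Z b`, where a state of `S_` means a SYN from the source and nothing back from the destination.

```python
import ipaddress
from collections import defaultdict

# Constructed sample records in a simplified, whitespace-separated layout
# modelled loosely on ra(1) output: proto src.port -> dst.port state.
# The last column mimics the `-Z b` TCP-state summary, where "S_" means a
# SYN from the source and nothing back from the destination. These lines
# are made up for the example, not real argus output.
SAMPLE_RECORDS = """\
tcp  10.0.0.7.43211   ->  192.168.5.10.22    S_
tcp  10.0.0.7.43212   ->  192.168.5.11.22    S_
tcp  10.0.0.7.43213   ->  192.168.5.12.22    S_
tcp  10.0.0.7.43214   ->  192.168.5.13.22    S_
tcp  10.0.0.9.51000   ->  192.168.5.10.80    SA_
tcp  10.0.0.9.51001   ->  192.168.5.10.80    FIN
tcp  10.0.0.11.40000  ->  172.16.0.5.443     S_
udp  10.0.0.7.5353    ->  192.168.5.255.5353 INT
"""


def split_addr_port(token):
    """Split 'a.b.c.d.port' into (address, port); the port is the last dotted field."""
    addr, _, port = token.rpartition(".")
    return addr, int(port)


def parse_record(line):
    """Parse one record into a dict, or return None for malformed or blank lines."""
    fields = line.split()
    if len(fields) != 5:
        return None
    proto, src, _direction, dst, state = fields
    try:
        src_addr, src_port = split_addr_port(src)
        dst_addr, dst_port = split_addr_port(dst)
    except ValueError:
        return None
    return {"proto": proto, "src": src_addr, "sport": src_port,
            "dst": dst_addr, "dport": dst_port, "state": state}


def syn_only_flows(records_text, dst_net):
    """Equivalent of the filter `syn and ! (synack or reset or fin or finack)
    and dst net X`, or of grepping for a whole-word "S_" state: keep TCP flows
    whose state is exactly "S_" and whose destination lies inside dst_net."""
    net = ipaddress.ip_network(dst_net)
    hits = []
    for line in records_text.splitlines():
        rec = parse_record(line)
        if rec is None or rec["proto"] != "tcp" or rec["state"] != "S_":
            continue
        if ipaddress.ip_address(rec["dst"]) in net:
            hits.append(rec)
    return hits


def rank_sources(flows, min_targets=3):
    """Group SYN-only flows by source and report sources that touched at least
    min_targets distinct destination hosts, most targets first. One SYN-only
    flow is unremarkable (a dropped packet or an unreachable host); many of
    them against distinct hosts is what a scan of the network looks like."""
    targets = defaultdict(set)
    for rec in flows:
        targets[rec["src"]].add(rec["dst"])
    ranked = [(src, len(dsts)) for src, dsts in targets.items()
              if len(dsts) >= min_targets]
    return sorted(ranked, key=lambda item: (-item[1], item[0]))


if __name__ == "__main__":
    flows = syn_only_flows(SAMPLE_RECORDS, "192.168.5.0/24")
    for src, count in rank_sources(flows):
        print(f"{src}: SYN-only flows to {count} distinct hosts in 192.168.5.0/24")
```

On the sample data only 10.0.0.7 is reported, since the SYN-only flow from 10.0.0.11 lands outside the 192.168.5.0/24 net and the flows from 10.0.0.9 carry a SYN-ACK or a FIN. The `min_targets` threshold is the knob to tune against the noise of ordinary failed connections.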